Phishing is a substantial threat in the field of information security. Phishing may include attempts to acquire sensitive information, such as personal details, usernames, passwords and/or credit card details, mostly for malicious purposes, by masquerading as a trustworthy entity in an electronic communication environment, such as a website on the internet. Phishing may entice users to provide sensitive information by luring unsuspecting users to visit fraudulent websites that appear to be legitimate websites.
Phishing attempts may use various mechanisms to lure unsuspecting users to visit fraudulent websites, such as a fraudulent site link included in an email message or an instant message, a fraudulent site link embedded in digital media, and/or a fraudulent site name retrieved in response to a search query submitted to a public search engine.
Any version of phishing may also rely, at least in part, on the concept of social engineering, which generally may refer to the psychological manipulation of people into performing a particular action and/or divulging confidential information. Some social engineering techniques may rely on various conditions of human nature to convince a user to perform a particular action and/or divulge confidential information, such as preying on a person's need for human interaction, appealing to a person's sense of vanity and/or greed, and/or the like. The social engineering techniques may also include presenting the fraudulent website to the user in a manner that visually mimics a known legitimate website, but that includes relatively minor syntactic, semantic, and/or visual alterations to the legitimate website. In this manner, when the unsuspecting user selects the fraudulent link and visits the fraudulent website, the user is likely to be unaware that he is visiting the fraudulent website instead of the legitimate website.